Hi All
We are seeing an issue in our env whereby our applications intermittently do not work. What I see in the DFW logs is that the initial SYN packet from the client to the server is allowed but the SYN-ACK back from the server to the client is dropped on the DFW. This does not happen all the time, i see this when users complain of application issues. Any ideas why the SYN-ACK packet of the 3 WAY handshake is getting dropped. Will appreciate if anyone can share any insight.
Thanks
Is this a stateless or stateful rule? Check the section where the rule is and make sure it is marked as stateful. Have you created it for both directions?
SA packet is getting dropped by different FW rule (5475).
Can you please share the config for DFW rules 5475 & 5459.
Posts about NSX-T written by Tomas Fojta.either NSX-T backed Org VDC or the migration tool (yet), but some issues can be The DFW supports IP Sets and Security Groups containing network objects that apply rules to all connected VMs.